IT Answers » Microsoft Security
http://itknowledgeexchange.techtarget.com/itanswers
Last updated: Sun, 02 Aug 2015 19:14:55 +0000

Best method for locking down a workstation for guest use
http://itknowledgeexchange.techtarget.com/itanswers/best-method-for-locking-down-a-workstation-for-guest-use/
Posted: Thu, 22 Jul 2010 13:58:45 +0000

What is the best method for locking down a workstation for guest use? I have been looking at Steady State from Microsoft. Is this easy to set up? Will it prevent the system from being damaged by viruses or spyware? Is there a better option?

Can I push out Microsoft Security Essentials to an entire network?
http://itknowledgeexchange.techtarget.com/itanswers/can-i-push-out-microsoft-security-essentials-to-an-entire-network/
Posted: Tue, 12 Apr 2011 16:35:31 +0000

Unauthorised deployment, MS hotfixes remotely deployed via CMD, non-stop silent system file corruptions, unattended installations – how can I protect?
http://itknowledgeexchange.techtarget.com/itanswers/unauthorised-deployment-ms-hotfixs-remotely-deployed-via-cmd-non-stop-silent-system-file-corruptions-unattended-installations-how-can-i-protect/
Posted: Thu, 28 Apr 2011 03:55:37 +0000

Hi, I could really use some help securing my systems. I have been having some problems with deployment functionality being used to effectively supersede the BUILTIN Administrator accounts on my systems, limiting their privileges substantially.

About 9 weeks ago, I noticed my Permissions were being taken away whilst logged in as Administrator, and I was unable to wrestle them back from Trusted Installer, who took control of all Audit and Special permissions, basically taking Full Control and removing my access. I was unable to delete some files, download others, and execute some applications (mostly AV programs). A flash Gmer scan showed up a rootkit:

From that point, I started seeing new symptoms every time I had to format and reinstall, which was often. A number of times, hotfixes were deployed despite Windows Update being deactivated, as soon as I brought the system online. One example:
http://i.imgur.com/Lm6uo.png

Confused, I checked Event log and saw the Hotfix had been installed by a command:
http://i.imgur.com/kMPmj.png

I Googled the command and got only a handful of hits, all referencing Forefront Endpoint Protection, which I guess was remotely deploying onto my system. My systems are now all mostly kaput, having been very well protected...from me.

I have mountains of data but I don't have the requisite skills / knowledge to secure my systems (I'm about to buy new ones, but not until I can figure out how to secure them).

I have cbs.log files that are just...I can't make sense of them, one example: Yesterday, an MSSE update downloaded by MSSE suddenly appeared in Windows Update 6 hrs later as an optional update. I downloaded and installed it, the entire process took under a minute. I checked cbs.log and almost fell off my chair. I think 7100 cbs.log entries in 41 seconds. But I don't know what they're telling me.

In my cbs.log files, I see client initiated sessions by DISM, Package Manager Provider, Software Explorer and various things which all seem to suggest unattended installations.

If I run sfc /scannow it finds a lot of corrupted files and replaces them. If I run sfc /verifyonly it finds a lot of corrupted files and replaces them. I found that pretty surprising. I don't know if SFP or WFP are the 'enemy' or an 'ally'; but they're working against each other, with WFP silently replacing all the files replaced by sfc /scannow. And it goes around in circles, like that.

I just ran sfc /scannow to create some output. 3253 lines from a single sfc /scannow command; the first 400 of which are here: http://codepad.org/V3gFV7Z0 (I can upload the entire logs to Google Docs for download if that will assist?)

I'm rather annoyed at myself, in hindsight, for wasting my time on malware forums. I should have realised months ago the malware (of which there is plenty) is merely a side-effect of the real issue, which I think basically boils down to BUILTIN Administrator being relegated and severely limited (services greyed out, permission denied messages, etc.).

Thanks in advance for your expertise, and please let me know if there's anything at all I can provide (installation logs, or screenshots or anything) that might assist. Cheers!

Tips for analyzing our network
http://itknowledgeexchange.techtarget.com/itanswers/tips-for-analyzing-our-network/
Posted: Tue, 24 May 2011 17:43:33 +0000

How can we use Microsoft Baseline Security Analyzer to determine if our network is secure and up to snuff? We are running Windows Server 2003 / Active Directory and XP SP3 clients.

Microsoft Management Console security
http://itknowledgeexchange.techtarget.com/itanswers/mmc-consoles/
Posted: Tue, 02 Nov 2010 05:47:37 +0000

How can I create restrictions in the system and prevent others from cracking this console or opening the MMC application?

Have you tried Microsoft Security Essentials?
http://itknowledgeexchange.techtarget.com/itanswers/have-you-tried-microsoft-security-essentials/
Posted: Thu, 08 Oct 2009 18:05:34 +0000

Microsoft Security Essentials was released last week — have you tested it? Are you planning on implementing it? If not, what antivirus/antimalware package do you use?

Conflict with print drivers and security when we load and use Microsoft ISA client
http://itknowledgeexchange.techtarget.com/itanswers/conflict-with-print-drivers-and-security/
Posted: Sun, 27 Jun 2010 13:06:44 +0000

We are locking up our print drivers when we load and use Microsoft ISA client. Any ideas how to resolve the conflict?

Forefront: All-in-one or best-of-breed?
http://itknowledgeexchange.techtarget.com/itanswers/forefront-all-in-one-or-best-of-breed/
Posted: Thu, 11 Mar 2010 15:15:30 +0000

I recently talked to two Forefront customers, who had a lot of praise for Forefront’s all-in-one management console and its protection against external threats. Any Forefront users out there? What do you think? Do you agree? What have been some of your challenges?

Also: what do you consider to be the trade-offs of going with a best-of-breed solution over an all-in-one system like Forefront?